No encryption, No group – Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card none User Manual

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

14-13

Configuration - IPSec Mode

no encryption

Use the IPSec no encryption command to disable encryption. To configure encryption, see encryption
command on page 14-5.

Syntax:

(config-ipsec-{

n})# no encryption {des|3des|aes|aes192| aes256}

Example:

(config-ipsec-1)# no encryption aes

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

no group

Use the IPSec no group command to disable a Diffie-Hellman (DH) group identifier. To set a DH group
identifier, see group command on page 14-6.

Syntax:

(config-ipsec-{

n})# no group {1|2|5}

Example:

(config-ipsec-1)# no group 2

Supported Platforms:

Adit 3104, Adit 3200, Adit 3500, MSR

Field

Definition

des

Disable 56-bit Data Encryption Standard (DES).

3des

Disable 168-bit DES. Default.

aes

Disable 128-bit Advanced Encryption Standard (AES) as the
encryption algorithm.

aes192

Disable 192-bit AES as the encryption algorithm.

aes256

Disable 256-bit AES as the encryption algorithm.

Field

Definition

1

Disable DH group 1 (768 bit).

2

Disable DH group 2 (1024 bit). Default is enabled.

5

Disable DH group 25 (1536 bit). Default is enabled.